Samuel Huntley

28 exploits Active since Feb 2015
CVE-2018-10690 WRITEUP HIGH WRITEUP
Moxa AWK-3121 1.14 - Unauthenticated Sensitive Data Exposure via Unencrypted HTTP Traffic
An issue was discovered on Moxa AWK-3121 1.14 devices. The device by default allows HTTP traffic thus providing an insecure communication mechanism for a user connecting to the web server. This allows an attacker to sniff the traffic easily and allows an attacker to compromise sensitive data such as credentials.
CVSS 8.1
CVE-2018-10691 WRITEUP HIGH WRITEUP
Moxa AWK-3121 1.14 - Unauthenticated Information Disclosure via System Log Download
An issue was discovered on Moxa AWK-3121 1.14 devices. It is intended that an administrator can download /systemlog.log (the system log). However, the same functionality allows an attacker to download the file without any authentication or authorization.
CVSS 7.5
CVE-2018-10692 WRITEUP MEDIUM WRITEUP
Moxa AWK-3121 1.14 - Stored Cross-Site Scripting via Session Cookie Theft
An issue was discovered on Moxa AWK-3121 1.14 devices. The session cookie "Password508" does not have an HttpOnly flag. This allows an attacker who is able to execute a cross-site scripting attack to steal the cookie very easily.
CVSS 6.1
CVE-2018-10693 WRITEUP HIGH WRITEUP
Moxa AWK-3121 1.14 - Buffer Overflow via Ping Functionality srvName Parameter
An issue was discovered on Moxa AWK-3121 1.14 devices. It provides ping functionality so that an administrator can execute ICMP calls to check if the network is working correctly. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "srvName" is susceptible to a buffer overflow. By crafting a packet that contains a string of 516 characters, it is possible for an attacker to execute the attack.
CVSS 8.8
CVE-2018-10694 WRITEUP HIGH WRITEUP
Moxa AWK-3121 1.14 - Unauthenticated Sensitive Data Exposure via Unencrypted Wi-Fi
An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a Wi-Fi connection that is open and does not use any encryption mechanism by default. An administrator who uses the open wireless connection to set up the device can allow an attacker to sniff the traffic passing between the user's computer and the device. This can allow an attacker to steal the credentials passing over the HTTP connection as well as TELNET traffic. Also an attacker can MITM the response and infect a user's computer very easily as well.
CVSS 8.1
CVE-2018-10695 WRITEUP HIGH WRITEUP
Moxa AWK-3121 Firmware 1.14 - Buffer Overflow via Alert Email POST Parameters
An issue was discovered on Moxa AWK-3121 1.14 devices. It provides alert functionality so that an administrator can send emails to his/her account when there are changes to the device's network. However, the same functionality allows an attacker to execute commands on the device. The POST parameters "to1,to2,to3,to4" are all susceptible to buffer overflow. By crafting a packet that contains a string of 678 characters, it is possible for an attacker to execute the attack.
CVSS 8.8
CVE-2018-10696 WRITEUP HIGH WRITEUP
Moxa AWK-3121 1.14 - Cross-Site Request Forgery via Web Interface Forms
An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a web interface to allow an administrator to manage the device. However, this interface is not protected against CSRF attacks, which allows an attacker to trick an administrator into executing actions without his/her knowledge, as demonstrated by the forms/iw_webSetParameters and forms/webSetMainRestart URIs.
CVSS 8.8
CVE-2018-10697 WRITEUP HIGH WRITEUP
Moxa AWK-3121 1.14 - OS Command Injection via srvName Parameter
An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 3121 provides ping functionality so that an administrator can execute ICMP calls to check if the network is working correctly. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "srvName" is susceptible to this injection. By crafting a packet that contains shell metacharacters, it is possible for an attacker to execute the attack.
CVSS 8.8
CVE-2018-10698 WRITEUP CRITICAL WRITEUP
Moxa AWK-3121 Firmware 1.14 - Unauthenticated Sensitive Data Exposure via Unencrypted TELNET Service
An issue was discovered on Moxa AWK-3121 1.14 devices. The device enables an unencrypted TELNET service by default. This allows an attacker who has been able to gain an MITM position to easily sniff the traffic between the device and the user. Also an attacker can easily connect to the TELNET daemon using the default credentials if they have not been changed by the user.
CVSS 9.8
CVE-2018-10699 WRITEUP HIGH WRITEUP
Moxa AWK-3121 Firmware 1.14 - OS Command Injection via iw_privatePass Parameter
An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 3121 provides certfile upload functionality so that an administrator can upload a certificate file used for connecting to the wireless network. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "iw_privatePass" is susceptible to this injection. By crafting a packet that contains shell metacharacters, it is possible for an attacker to execute the attack.
CVSS 8.8
CVE-2018-10700 WRITEUP MEDIUM WRITEUP
Moxa AWK-3121 1.19 - Stored Cross-Site Scripting via iw_board_deviceName Parameter
An issue was discovered on Moxa AWK-3121 1.19 devices. It provides functionality so that an administrator can change the name of the device. However, the same functionality allows an attacker to execute XSS by injecting an XSS payload. The POST parameter "iw_board_deviceName" is susceptible to this injection.
CVSS 6.1
CVE-2018-10701 WRITEUP HIGH WRITEUP
Moxa AWK-3121 1.14 - Buffer Overflow via iw_filename POST Parameter
An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "iw_filename" is susceptible to buffer overflow. By crafting a packet that contains a string of 162 characters, it is possible for an attacker to execute the attack.
CVSS 8.8
CVE-2018-10702 WRITEUP HIGH WRITEUP
Moxa AWK-3121 1.14 - OS Command Injection via iw_filename POST Parameter
An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "iw_filename" is susceptible to command injection via shell metacharacters.
CVSS 8.8
CVE-2018-10703 WRITEUP HIGH WRITEUP
Moxa AWK-3121 Firmware 1.14 - Buffer Overflow via iw_serverip POST Parameter
An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "iw_serverip" is susceptible to buffer overflow. By crafting a packet that contains a string of 480 characters, it is possible for an attacker to execute the attack.
CVSS 8.8
CVE-2015-2051 METASPLOIT HIGH ruby WORKING POC
D-Link DIR-645 Firmware < 1.05b01 - Remote Code Execution via HNAP GetDeviceSettings Action
The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.
CVSS 8.8
EIP-2026-101239 EXPLOITDB text WORKING POC
D-Link DIR-890L/R - Multiple Buffer Overflow Vulnerabilities
EIP-2026-101238 EXPLOITDB text WORKING POC
D-Link DIR-880L - Multiple Buffer Overflow Vulnerabilities
EIP-2026-101237 EXPLOITDB text WORKING POC
D-Link DIR-866L - Multiple Buffer Overflow Vulnerabilities
EIP-2026-101236 EXPLOITDB text WORKING POC
D-Link DIR-825 (vC) - Multiple Vulnerabilities
EIP-2026-101235 EXPLOITDB text WORKING POC
D-Link DIR-818W - Multiple Vulnerabilities
EIP-2026-101234 EXPLOITDB text WORKING POC
D-Link DIR-817LW - Multiple Vulnerabilities
EIP-2026-101233 EXPLOITDB text WORKING POC
D-Link DIR-815 / DIR-850L - SSDP Command Injection
EIP-2026-101232 EXPLOITDB text WORKING POC
D-Link DIR-815 - Multiple Vulnerabilities
EIP-2026-101230 EXPLOITDB text WORKING POC
D-Link DIR-645 - Multiple UPNP Vulnerabilities
EIP-2026-101228 EXPLOITDB text WORKING POC
D-Link DIR-615 - Multiple Buffer Overflow Vulnerabilities